FORM and BASIC authentication in the same web app

Can we have FORM based authentication for certain resources while BASIC authentication for other resources as far as JBOSS is concerned?

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.

I have already implemented BASIC authentication. But now stuck as to how to include JBOSS's DatabaseServerLoginModule.

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.

Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.

Jaikiran Pai wrote: Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.

The application basically will first open up the home page. Since it is still in it's early days. So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.

Either I did not understand your question or I have got my security configuration knowledge completely wrong

So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

....As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.

What I meant in my previous reply was that BASIC auth-method and JAAS are not mutually exclusive. You can use JAAS with BASIC auth-method and when you wish to switch to FORM based authentication, you just change the auth-method to FORM.

Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201

posted Mar 12, 2010 00:39:40

0

Okay, then, is there any link or concrete example of JASS based security with DataBaseLoginModule?
The link I posted seems quite confusing to me.
It would be of great help.!!